mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
* [Alerting][Docs] Fix rule types categorization * fixed links * fixed separator * Apply suggestions from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * fixed due to comments * fixed due to comments * fixed due to comments * Apply suggestions from code review Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> * fixed due to comments * Update docs/user/alerting/rule-types.asciidoc Co-authored-by: ymao1 <ying.mao@elastic.co> * fixed due to comments Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: ymao1 <ying.mao@elastic.co> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com> Co-authored-by: ymao1 <ying.mao@elastic.co>
This commit is contained in:
Yuliia Naumenko
GitHub
parent
67db5d0b42
commit
29ae74b217
2 changed files with 39 additions and 19 deletions
|
|
@ -24,7 +24,7 @@ This section describes all of these elements and how they operate together.
|
|||
[float]
|
||||
=== Rules
|
||||
|
||||
A rule specifies a background task that runs on the {kib} server to check for specific conditions. {kib} provides two types of rules: stack rules that are built into {kib} and domain rules that are registered by Kibana apps. Refer to <<rule-types,Rule types>> for more information.
|
||||
A rule specifies a background task that runs on the {kib} server to check for specific conditions. {kib} provides two types of rules: stack rules that are built into {kib} and the rules that are registered by Kibana apps. Refer to <<rule-types,Rule types>> for more information.
|
||||
|
||||
A rule consists of three main parts:
|
||||
|
||||
|
|
@ -53,7 +53,7 @@ to control the details of the conditions to detect.
|
|||
|
||||
For example, an <<rule-type-index-threshold, index threshold rule type>> lets you specify the index to query, an aggregation field, and a time window, but the details of the underlying {es} query are hidden.
|
||||
|
||||
See <<stack-rules>> and <<domain-specific-rules>> for the types of rules provided by {kib} and how they express their conditions.
|
||||
See <<rule-types>> for the rules provided by {kib} and how they express their conditions.
|
||||
|
||||
[float]
|
||||
[[alerting-concepts-scheduling]]
|
||||
|
|
|
|||
|
|
@ -2,7 +2,8 @@
|
|||
[[rule-types]]
|
||||
== Rule types
|
||||
|
||||
A rule is a set of <<alerting-concepts-conditions, conditions>>, <<alerting-concepts-scheduling, schedules>>, and <<alerting-concepts-actions, actions>> that enable notifications. {kib} provides two types of rules: rules specific to the Elastic Stack and rules specific to a domain.
|
||||
A rule is a set of <<alerting-concepts-conditions, conditions>>, <<alerting-concepts-scheduling, schedules>>, and <<alerting-concepts-actions, actions>> that enable notifications. {kib} provides rules built into the Elastic Stack and rules registered by one of the {kib} apps.
|
||||
You can create most rules types in <<create-and-manage-rules,Stack Management > Rules and Connectors>>. For information on creating security rules, refer to {security-guide}/rules-ui-create.html[Create a detection rule].
|
||||
|
||||
[NOTE]
|
||||
==============================================
|
||||
|
|
@ -15,45 +16,64 @@ see {subscriptions}[the subscription page].
|
|||
[[stack-rules]]
|
||||
=== Stack rules
|
||||
|
||||
<<create-and-manage-rules, Stack rules>> are built into {kib}. To access the *Stack Rules* feature and create and edit rules, users require the `all` privilege. See <<kibana-feature-privileges, feature privileges>> for more information.
|
||||
<<create-and-manage-rules, Stack rules>> are built into {kib}. To access the *Stack Rules* feature and create and edit rules, users require the `all` privilege. See <<kibana-feature-privileges, feature privileges>> for more information.
|
||||
|
||||
[cols="2*<"]
|
||||
|===
|
||||
|
||||
| <<rule-type-index-threshold>>
|
||||
| Aggregate field values from documents using {es} queries, compare them to threshold values, and schedule actions to run when the thresholds are met.
|
||||
|
||||
| <<rule-type-es-query>>
|
||||
| Run a user-configured {es} query, compare the number of matches to a configured threshold, and schedule actions to run when the threshold condition is met.
|
||||
|
||||
| {ref}/transform-alerts.html[{transform-cap} rules] beta:[]
|
||||
| <<rule-type-index-threshold>>
|
||||
| Aggregate field values from documents using {es} queries, compare them to threshold values, and schedule actions to run when the thresholds are met.
|
||||
|
||||
| {ref}/transform-alerts.html[{transform-cap} rules]
|
||||
| beta:[] Run scheduled checks on a {ctransform} to check its health. If a {ctransform} meets the conditions, an alert is created and the associated action is triggered.
|
||||
|
||||
| <<geo-alerting, Tracking containment>>
|
||||
| Run an {es} query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule's conditions are met.
|
||||
|
||||
|===
|
||||
|
||||
[float]
|
||||
[[domain-specific-rules]]
|
||||
=== Domain rules
|
||||
[[observability-rules]]
|
||||
=== Observability rules
|
||||
|
||||
Domain rules are registered by *Observability*, *Security*, <<maps, Maps>> and <<xpack-ml, Machine Learning>>.
|
||||
Observability rules are categorized into APM and User Experience, Logs, Metrics, Stack Monitoring, and Uptime.
|
||||
|
||||
[cols="2*<"]
|
||||
|===
|
||||
|
||||
| {observability-guide}/create-alerts.html[Observability rules]
|
||||
| Detect complex conditions in the *Logs*, *Metrics*, and *Uptime* apps.
|
||||
|
||||
| {security-guide}/prebuilt-rules.html[Security rules]
|
||||
| Detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met.
|
||||
| <<apm-alerts, APM and User Experience>>
|
||||
| Detect complex conditions in *APM* data and trigger built-in actions when the conditions are met.
|
||||
|
||||
| <<geo-alerting, Maps rules>>
|
||||
| Run an {es} query to determine if any documents are currently contained in any boundaries from a specified boundary index and generate alerts when a rule's conditions are met.
|
||||
| {observability-guide}/create-alerts.html[Logs rules]
|
||||
| Detect complex conditions in the *Logs* app.
|
||||
|
||||
| {ml-docs}/ml-configuring-alerts.html[{ml-cap} rules] beta:[]
|
||||
| beta:[] Run scheduled checks on an {anomaly-job} to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
|
||||
| {observability-guide}/create-alerts.html[Metrics rules]
|
||||
| Detect complex conditions in the *Metrics* app.
|
||||
|
||||
| <<kibana-alerts,Stack Monitoring>>
|
||||
| Provide {kib} Alerting rules out-of-the box to notify you of potential issues in the Elastic Stack.
|
||||
|
||||
| {observability-guide}/create-alerts.html[Uptime rules]
|
||||
| Detect complex conditions in the *Uptime* app.
|
||||
|
||||
|===
|
||||
|
||||
[float]
|
||||
[[ml-rules]]
|
||||
=== Machine learning rules
|
||||
|
||||
beta:[] {ml-docs}/ml-configuring-alerts.html[{ml-cap} rules] run scheduled checks on an {anomaly-job} to detect anomalies with certain conditions. If an anomaly meets the conditions, an alert is created and the associated action is triggered.
|
||||
|
||||
[float]
|
||||
[[security-rules]]
|
||||
=== Security rules
|
||||
|
||||
Security rules detect suspicious source events with pre-built or custom rules and create alerts when a rule’s conditions are met. For more information, refer to {security-guide}/prebuilt-rules.html[Security rules].
|
||||
|
||||
include::rule-types/index-threshold.asciidoc[]
|
||||
include::rule-types/es-query.asciidoc[]
|
||||
include::rule-types/geo-rule-types.asciidoc[]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue